diff options
Diffstat (limited to 'src/man/firejail-profile.txt')
-rw-r--r-- | src/man/firejail-profile.txt | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 246098bb7..5167a4c42 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -7,15 +7,18 @@ profile \- Security profile file syntax for Firejail | |||
7 | firejail \-\-profile=filename.profile | 7 | firejail \-\-profile=filename.profile |
8 | 8 | ||
9 | .SH DESCRIPTION | 9 | .SH DESCRIPTION |
10 | Several Firejail command line configuration options can be passed to the program using | 10 | Several command line options can be passed to the program using |
11 | profile files. | 11 | profile files. Firejail chooses the profile file as follows: |
12 | Firejail chooses a security profile in the following order: | ||
13 | 12 | ||
14 | 1. If a profile is provided by the user with --profile option, the profile is loaded. | 13 | 1. If a profile file is provided by the user with --profile option, the profile file is loaded. |
15 | Example: | 14 | Example: |
16 | .PP | 15 | .PP |
17 | .RS | 16 | .RS |
18 | $ firejail --profile=/home/netblue/icecat.profile icecat | 17 | $ firejail --profile=/home/netblue/icecat.profile icecat |
18 | .br | ||
19 | Reading profile /home/netblue/icecat.profile | ||
20 | .br | ||
21 | [...] | ||
19 | .RE | 22 | .RE |
20 | 23 | ||
21 | 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or | 24 | 2. If a profile file with the same name as the application is present in ~/.config/firejail directory or |
@@ -26,7 +29,6 @@ $ firejail icecat | |||
26 | .br | 29 | .br |
27 | Command name #icecat# | 30 | Command name #icecat# |
28 | .br | 31 | .br |
29 | .br | ||
30 | Found icecat profile in /home/netblue/.config/firejail directory | 32 | Found icecat profile in /home/netblue/.config/firejail directory |
31 | .br | 33 | .br |
32 | Reading profile /home/netblue/.config/firejail/icecat.profile | 34 | Reading profile /home/netblue/.config/firejail/icecat.profile |
@@ -34,29 +36,31 @@ Reading profile /home/netblue/.config/firejail/icecat.profile | |||
34 | [...] | 36 | [...] |
35 | .RE | 37 | .RE |
36 | 38 | ||
37 | 3. Use the default profile in /etc/firejail/generic.profile. This can be disabled with --noprofile. Example: | 39 | 3. Use a default.profile file if the sandbox |
40 | is started by a regular user, or a server.profile file if the sandbox | ||
41 | is started by root. Firejail looks for these files in ~/.config/firejail directory, followed by /etc/firejail directory. | ||
42 | To disable default profile loading, use --noroot command option. Example: | ||
38 | .PP | 43 | .PP |
39 | .RS | 44 | .RS |
40 | $ firejail \-\-noprofile | 45 | $ firejail |
46 | .br | ||
47 | Reading profile /etc/firejail/generic.profile | ||
41 | .br | 48 | .br |
42 | Parent pid 8553, child pid 8554 | 49 | Parent pid 8553, child pid 8554 |
43 | .br | 50 | .br |
44 | Child process initialized | 51 | Child process initialized |
45 | .br | 52 | .br |
46 | $ exit | 53 | [...] |
47 | .br | 54 | .br |
55 | |||
48 | .br | 56 | .br |
49 | parent is shutting down, bye... | 57 | $ firejail \-\-noprofile |
50 | .br | ||
51 | $ firejail | ||
52 | .br | ||
53 | Reading profile /etc/firejail/generic.profile | ||
54 | .br | 58 | .br |
55 | Parent pid 8553, child pid 8554 | 59 | Parent pid 8553, child pid 8554 |
56 | .br | 60 | .br |
57 | Child process initialized | 61 | Child process initialized |
58 | .br | 62 | .br |
59 | $ | 63 | [...] |
60 | .RE | 64 | .RE |
61 | 65 | ||
62 | .SH Scripting | 66 | .SH Scripting |